/* This the context that we pass to next_proto_cb */
typedef struct tlsextnextprotoctx_st {
unsigned char *data;
- unsigned short len;
+ size_t len;
int status;
} tlsextnextprotoctx;
{"async", OPT_ASYNC, '-', "Support asynchronous operation"},
{"ssl_config", OPT_SSL_CONFIG, 's', "Use specified configuration file"},
{"split_send_frag", OPT_SPLIT_SEND_FRAG, 'n',
- "Size used to split data for encrypt/decrypt pipelines"},
+ "Size used to split data for encrypt pipelines"},
{"max_pipelines", OPT_MAX_PIPELINES, 'n',
"Maximum number of encrypt/decrypt pipelines to be used"},
{"read_buf", OPT_READ_BUF, 'n',
case OPT_SPLIT_SEND_FRAG:
split_send_fragment = atoi(opt_arg());
if (split_send_fragment == 0) {
- /* Not allowed - set to a deliberately bad value */
- split_send_fragment = -1;
+ /*
+ * Not allowed - set to a deliberately bad value so we get an
+ * error message below
+ */
+ split_send_fragment = SSL3_RT_MAX_PLAIN_LENGTH + 1;
}
break;
case OPT_MAX_PIPELINES:
SSL_CTX_set_next_proto_select_cb(ctx, next_proto_cb, &next_proto);
#endif
if (alpn_in) {
- unsigned short alpn_len;
+ size_t alpn_len;
unsigned char *alpn = next_protos_parse(&alpn_len, alpn_in);
if (alpn == NULL) {
goto end;
}
- if (ctx_set_ctlog_list_file(ctx, ctlog_file) <= 0) {
- ERR_print_errors(bio_err);
- goto end;
+ if (!ctx_set_ctlog_list_file(ctx, ctlog_file)) {
+ if (ct_validation != NULL) {
+ ERR_print_errors(bio_err);
+ goto end;
+ }
+
+ /*
+ * If CT validation is not enabled, the log list isn't needed so don't
+ * show errors or abort. We try to load it regardless because then we
+ * can show the names of the logs any SCTs came from (SCTs may be seen
+ * even with validation disabled).
+ */
+ ERR_clear_error();
}
#endif
}
}
- ssl_pending = read_ssl && SSL_pending(con);
+ ssl_pending = read_ssl && SSL_has_pending(con);
if (!ssl_pending) {
#if !defined(OPENSSL_SYS_WINDOWS) && !defined(OPENSSL_SYS_MSDOS) && !defined(OPENSSL_SYS_NETWARE)